Language:
SEARCH

report phishing

How do I report phishing?

Friday, November 2nd, 2018

You’ve received a suspicious email, what should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the CSIRT team can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cybercriminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good. 

More on how to recognise a phishing email. 

Submitting Examples

Spam or phishing examples must be sent in either.EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact.

 The best way to manually submit a spam example is to:

  1. Create a new message.
  2. Drag and drop the spam email into the new message, so it is added as an attachment.
  3. Send to csirt@sun.ac.za.

 Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

Also read: Cybersecurity Awareness month: Some statistics and common sense advice

Warning: Phishing scam exploiting ABSA new logo

Tuesday, July 17th, 2018

Many of you use ABSA as your bank of choice, as well as making use of ABSA Bank’s Internet Banking facilities, so this warning might be of particular significance.

Earlier this month ABSA announced a new logo – part of its rebranding campaign – and almost immediately phishing scammers exploited this opportunity to continue their nefarious campaign of identity theft through phishing email attacks.

Several users have reported getting the following email – allegedly from ABSA – taking advantage of the new logo to target the bank’s customers in a phishing email scam by attempting to trick users to click on a link to take them to a fake website.

The scam email states that it comes from Absa CEO Maria Ramos, but it’s actually from an outside source and informs victims that “today marks a very significant day in the Absa journey”. The email uses Absa’s slogan, saying “We are also launching a new, fresh and vibrant Absa logo and identity that reflects our commitment to you, our customers”. Potential victims are then encouraged to click on their “New Absa eStatements” in PDF format. This is not a statement, but an HTML file which takes users to a phishing website.

Here is one example of the phishing e-mail which has already appeared in several University email accounts, as well as personal home email accounts:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As always, you should never respond to a suspicious looking email or message or click on a link in any suspicious looking email. Rather delete the email. No South African bank will ever contact customers and request sensitive information (card PIN, card CVV or online banking password) via email, telephone or SMS.

If you have received a phishing email, immediately report it to the Information Technology CyberSecurity Team using the following method:
 
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:
If you did click on the link of a phishing spam and unwittingly gave the scammers your username, email address and password  immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different and is a strong password that will not be easily guessed.), as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)
 
Useful information on how to report and combat phishing and spam can also be found on our blog

[ARTICLE BY DAVID WILES]

Phishing Scam about “Unexpected Mail Shutdown

Wednesday, June 6th, 2018

There is currently a bombardment of phishing emails arriving in university accounts about an “Unexpected Mail Shutdown”. The mail used alarmist threats about pending shutdowns and has all the signs of a phishing scam, including a website that is not on the university network.

This is a typical phishing scam and although it is being sent to university addresses, you should not react, respond or click on any links, as the phishers insert your email address in the link field and thus can identify your account as functional.

Below is the mail arriving in many university accounts:

 

If you have received this mail like this, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

Phishing mail using intimidation and threats

Friday, June 1st, 2018

There is no need to panic or be in anyway concerned for your personal safety about the latest batch of “phishing” emails that are going out with “death threats” or extortion regarding your “alleged” online activity around pornography sites etc.

A simple Google search using the following term “I Was Paid To Kill You scam” gave me 43 million results, all of the first 100 or so pages reporting this mail as a scam. A further search, narrowing the results down to only South Africa and only from last week, resulted in a little over 100 000 results, all of which were reporting as a hoax.

A similar scam first surfaced in the USA in 2006. An email from a would-be assassin was sent to a number of users from a Russian e-mail address. The “assassin” apparently appointed by a close acquaintance of his target, offers the victim the opportunity to buy him or herself a new lease on life by paying between $50,000 and $150,000.

If you receive mail like this, you should never panic. If you look at the extortion mail there are clues that reveal that the mail is a hoax:

  1. The subject line: “I Was Paid To Kill You”, “YOU SHOULD BE ASHAMED OF YOURSELF”, “YOUR PRIVACY HAS BEEN COMPROMISED”
    These are designed to cause anxiety, stress and panic.
  2. Time limits: “You have 48 Hours to pay…”
    How can the scammer know that you have received the mail and when you have read the mail and keep track of time to see if “48-hours” has passed?
  3. Engagement: “Contact me back via e-mail…”
    Never make contact with the scammers. This immediately alerts them that a “real person” read their mail and they will be able to concentrate their nefarious efforts on you.

If you ever receive emails like these, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Phishing scam disguised as the university’s single-sign on page

Wednesday, May 16th, 2018

Due to the vigilance of an observant personnel member from the US Business School, we have encountered a dangerous phishing scam being sent from a compromised UNISA account.

The Subject is “Dear SUN E-mail User © Copyright 2018 Stellenbosch University” which should immediately raise eyebrows. The phishing email “warns” you about the pending expiration of your e-mail account and prompts you to click on a link to reactivate it.

See below what the mail looks like:

The danger is that the phishing scammers have perfectly forged the university’s SINGLE SIGN-ON page, that is used by students an personnel to access the portal pages, the my.sun.ac.za page, SUNLearn etc., as you can see below. Not many people will notice that the address is not a university address, neither is it secure.

It is imperative that you do not click on the link in the mail, and do not provide the scammers with your username and password as they might be able to access the university’s systems that are accessible through the Single Sign-On page.

Last year scammers were able to forge the e-HR login page through a phishing scam and several staff members had their bank accounts details and other personal details exposed to the scammers.  In the light of the issues that Tygerberg staff have been having with general network access earlier this month, and this week’s issue with e-mail, the arrival of this sort of mail at this time can fool some people into thinking that it is legitimate and lead to compromised network and e-mail accounts.

Here’s how to report any phishing or spam mail:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

 

© 2013-2018 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.